not working with Cloudflare dns

Certificate is still valid for 1 year.

It’s spf record that doesn’t work.

This is the proxy certificate, I was talking about your server certificate.

What’s your encryption mode on Cloudflare?

It’s Full - Encrypts end-to-end, using a self signed certificate on the server

That’s precisely what I meant. You should switch that to Full Strict and renew your certificate.

I do manage around 20+ domains and in the near future that can come to 50 or even 100 really fast. Wouldn’t that make extra work and possibly more problems in long run?

I am not sure what you are saying, but a site needs to be secure before you add it to Cloudflare. It seems you run 100 domains still in an insecure fashion.

Why you should choose Full Strict, and only Full Strict has all information on that.

You should be automating the issuance of certificates anyways when you’re managing lots of domains. The Origin CA docs list a few API endpoints that’ll help you do this.

1 Like

Thanks for the suggestion. but can be stick to why SMTP doesn’t work? Customers can’t send any emails now, which is the main problem right now.

You have an insecure site right now and that should really be fixed first. Then we can check other issues.

That takes a couple of minutes and the linked tutorials has all the details.

You have an insecure site right now and that should really be fixed first

As you can see this website does not contain any login system or any backend at all. So even if I wouldn’t have an SSL certificate installed it would be still okay.

Then it’s best to just turn of SSL, as there’s no critical information.

1 Like

Can we please focus back on the problem that Cloudflare and even ImproxMX companies can’t find the solution?

If you don’t need SSL, as you mentioned, set it to Off. Otherwise fix your setup. Not sure why we need to discuss this, this could have been fixed for hours already.

As I mentioned, once you fixed the first step we can check out the other issues.

SSL is not connected to the mail server in any way. If I understand that correctly.

Cloudflare is not involved in outbound mail connections to other mail servers. ImprovMX support’s claim that that they can’t “query DNS for the domain entirely” doesn’t make sense, as it’s widely resolved:

I suggest you contact them again and ask for more specific advice.

In your case apparently not even your webserver.

No offence, but you seem to be the typical web host with the highly qualified team of experts

who doesn’t give a damn about actual security but offers the usual bogus “services”, well hidden behind a proxy certificate. Deceiving customers and their visitors. Not the first, not the last.

Thanks will do that.

1 Like

The current SPF record says:
v=spf1 mx a -all

If you are relying on the a value to cover outgoing email (i.e email that is being sent directly from your origin webserver), then you will need to replace that with an ip record (unless it is already covered by the record.) Using a with Cloudflare proxied hostnames :orange: will not have the desired effect, as Cloudflare do not send email through the proxy IP addresses.

1 Like